Banks to act as 'e-police' in Visa's online masterplan

Retail banks are set to become a key player in the war against online credit card crime, as part of Visa's latest e-security scheme.

Visa's plan - due to be launched later this summer - is designed to protect online shoppers and penalise merchants for lapses in security. It will also put the onus on banks to police the scheme.

According to the credit card giant, the stringent security standards mean that it will be up to the bank that handles transactions for a particular web site to make sure that trader's operation is secure.

Frank Williams, vice president of fraud at Visa, said the board of directors has already ratified the plan and it will launch in the next couple of months. "We have an international programme in the pipeline which will mean all acquirers [merchants' banks] of Visa cards will have to ensure that merchants' web sites are secure," he said.

Williams said recent incidents like Powergen had made the initiative necessary. "Under this programme if any merchant wants to use Visa, the acquirer has to certify that they are compliant."

The scheme will push responsibility for security to the acquiring banks that provide credit card transactions for their customers. If data becomes exposed or insecure on a certified site, the bank could face financial penalties from Visa.

"Data should always be physically secure," said Williams, "both on and offline. There should be limited access to it."

Sandra Alzetta, senior VP of Virtual Visa, said the company had seen a disproportionate number of credit card discrepancies from online sites. "Whenever something is new we always expect to see more disputes coming in," she said. "And there are always more disputes in 'card not present' transactions."

But according to Steven Philippsohn, partner at law firm Philippsohn, Crawfords and Berwald, Visa may face objections from the banks. "The general rule is that if somebody like the bank is responsible then that must be good for the customer. But what will the banks actually be able to do?" he said.

"You've got to be able to get at the merchant and make sure that company is heavily penalised. It's the classic situation - if there isn't a stiff enough penalty you're not going to get the right results," Philippsohn warned.